While not sure it's perfectly handled, have done similar things in past, and
right at tope of page, I just check if the relevant session variable is set,
if so, then might check that the value is relevant, or else use
header("Location: index.php"); followed by exit(); to reroute them back to
login page, etc.
Stay well
Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'
----- Original Message -----
From: "Vinay Kannan" <vinykan@xxxxxxxxx>
To: "PHP DB" <php-db@xxxxxxxxxxxxx>; <php-windows@xxxxxxxxxxxxx>;
<phpexperts-subscribe@xxxxxxxxxxxxxxx>
Sent: Thursday, March 29, 2012 9:30 AM
Subject: Session and Access Privilages.
Hey,
I am working on the application, thought its not OOP currently, I plan to
take it further in a year or so.
Right now, I have 4 access levels which define what the users can do on
the
application.
Based on the access levels defined, a session varialble is set called
$_SESSION['authtype'], and this defines what are the links shown to the
user.
so basically the session authtype, defines what links are shown to the
users, now i am thinking that if a user comes to know of a link whihc he
does not have
access to, he / she can put that in the url and try to gain access, what i
feel is there should be some check on each of the page for the access and
if the acess
criteria is not met, then the user should be sent back to him home page
view.
Any ideas on what the best way is to implement something like this? Any
help is appreciated.
Thanks,
Vinay
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
